aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/ktime.h2
-rw-r--r--kernel/futex.c2
-rw-r--r--kernel/futex_compat.c2
-rw-r--r--kernel/hrtimer.c48
-rw-r--r--kernel/posix-timers.c8
5 files changed, 40 insertions, 22 deletions
diff --git a/include/linux/ktime.h b/include/linux/ktime.h
index 36c542b70c6d..2cd7fa73d1af 100644
--- a/include/linux/ktime.h
+++ b/include/linux/ktime.h
@@ -310,6 +310,8 @@ static inline ktime_t ktime_sub_us(const ktime_t kt, const u64 usec)
310 return ktime_sub_ns(kt, usec * 1000); 310 return ktime_sub_ns(kt, usec * 1000);
311} 311}
312 312
313extern ktime_t ktime_add_safe(const ktime_t lhs, const ktime_t rhs);
314
313/* 315/*
314 * The resolution of the clocks. The resolution value is returned in 316 * The resolution of the clocks. The resolution value is returned in
315 * the clock_getres() system call to give application programmers an 317 * the clock_getres() system call to give application programmers an
diff --git a/kernel/futex.c b/kernel/futex.c
index a6baaec44b8f..221f2128a437 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2116,7 +2116,7 @@ asmlinkage long sys_futex(u32 __user *uaddr, int op, u32 val,
2116 2116
2117 t = timespec_to_ktime(ts); 2117 t = timespec_to_ktime(ts);
2118 if (cmd == FUTEX_WAIT) 2118 if (cmd == FUTEX_WAIT)
2119 t = ktime_add(ktime_get(), t); 2119 t = ktime_add_safe(ktime_get(), t);
2120 tp = &t; 2120 tp = &t;
2121 } 2121 }
2122 /* 2122 /*
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
index 133d558db452..7d5e4b016f39 100644
--- a/kernel/futex_compat.c
+++ b/kernel/futex_compat.c
@@ -176,7 +176,7 @@ asmlinkage long compat_sys_futex(u32 __user *uaddr, int op, u32 val,
176 176
177 t = timespec_to_ktime(ts); 177 t = timespec_to_ktime(ts);
178 if (cmd == FUTEX_WAIT) 178 if (cmd == FUTEX_WAIT)
179 t = ktime_add(ktime_get(), t); 179 t = ktime_add_safe(ktime_get(), t);
180 tp = &t; 180 tp = &t;
181 } 181 }
182 if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE) 182 if (cmd == FUTEX_REQUEUE || cmd == FUTEX_CMP_REQUEUE)
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
index 3f4a57c7895d..98bee013f71f 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -326,6 +326,23 @@ u64 ktime_divns(const ktime_t kt, s64 div)
326#endif /* BITS_PER_LONG >= 64 */ 326#endif /* BITS_PER_LONG >= 64 */
327 327
328/* 328/*
329 * Add two ktime values and do a safety check for overflow:
330 */
331ktime_t ktime_add_safe(const ktime_t lhs, const ktime_t rhs)
332{
333 ktime_t res = ktime_add(lhs, rhs);
334
335 /*
336 * We use KTIME_SEC_MAX here, the maximum timeout which we can
337 * return to user space in a timespec:
338 */
339 if (res.tv64 < 0 || res.tv64 < lhs.tv64 || res.tv64 < rhs.tv64)
340 res = ktime_set(KTIME_SEC_MAX, 0);
341
342 return res;
343}
344
345/*
329 * Check, whether the timer is on the callback pending list 346 * Check, whether the timer is on the callback pending list
330 */ 347 */
331static inline int hrtimer_cb_pending(const struct hrtimer *timer) 348static inline int hrtimer_cb_pending(const struct hrtimer *timer)
@@ -425,6 +442,8 @@ static int hrtimer_reprogram(struct hrtimer *timer,
425 ktime_t expires = ktime_sub(timer->expires, base->offset); 442 ktime_t expires = ktime_sub(timer->expires, base->offset);
426 int res; 443 int res;
427 444
445 WARN_ON_ONCE(timer->expires.tv64 < 0);
446
428 /* 447 /*
429 * When the callback is running, we do not reprogram the clock event 448 * When the callback is running, we do not reprogram the clock event
430 * device. The timer callback is either running on a different CPU or 449 * device. The timer callback is either running on a different CPU or
@@ -435,6 +454,15 @@ static int hrtimer_reprogram(struct hrtimer *timer,
435 if (hrtimer_callback_running(timer)) 454 if (hrtimer_callback_running(timer))
436 return 0; 455 return 0;
437 456
457 /*
458 * CLOCK_REALTIME timer might be requested with an absolute
459 * expiry time which is less than base->offset. Nothing wrong
460 * about that, just avoid to call into the tick code, which
461 * has now objections against negative expiry values.
462 */
463 if (expires.tv64 < 0)
464 return -ETIME;
465
438 if (expires.tv64 >= expires_next->tv64) 466 if (expires.tv64 >= expires_next->tv64)
439 return 0; 467 return 0;
440 468
@@ -682,13 +710,7 @@ u64 hrtimer_forward(struct hrtimer *timer, ktime_t now, ktime_t interval)
682 */ 710 */
683 orun++; 711 orun++;
684 } 712 }
685 timer->expires = ktime_add(timer->expires, interval); 713 timer->expires = ktime_add_safe(timer->expires, interval);
686 /*
687 * Make sure, that the result did not wrap with a very large
688 * interval.
689 */
690 if (timer->expires.tv64 < 0)
691 timer->expires = ktime_set(KTIME_SEC_MAX, 0);
692 714
693 return orun; 715 return orun;
694} 716}
@@ -839,7 +861,7 @@ hrtimer_start(struct hrtimer *timer, ktime_t tim, const enum hrtimer_mode mode)
839 new_base = switch_hrtimer_base(timer, base); 861 new_base = switch_hrtimer_base(timer, base);
840 862
841 if (mode == HRTIMER_MODE_REL) { 863 if (mode == HRTIMER_MODE_REL) {
842 tim = ktime_add(tim, new_base->get_time()); 864 tim = ktime_add_safe(tim, new_base->get_time());
843 /* 865 /*
844 * CONFIG_TIME_LOW_RES is a temporary way for architectures 866 * CONFIG_TIME_LOW_RES is a temporary way for architectures
845 * to signal that they simply return xtime in 867 * to signal that they simply return xtime in
@@ -848,16 +870,8 @@ hrtimer_start(struct hrtimer *timer, ktime_t tim, const enum hrtimer_mode mode)
848 * timeouts. This will go away with the GTOD framework. 870 * timeouts. This will go away with the GTOD framework.
849 */ 871 */
850#ifdef CONFIG_TIME_LOW_RES 872#ifdef CONFIG_TIME_LOW_RES
851 tim = ktime_add(tim, base->resolution); 873 tim = ktime_add_safe(tim, base->resolution);
852#endif 874#endif
853 /*
854 * Careful here: User space might have asked for a
855 * very long sleep, so the add above might result in a
856 * negative number, which enqueues the timer in front
857 * of the queue.
858 */
859 if (tim.tv64 < 0)
860 tim.tv64 = KTIME_MAX;
861 } 875 }
862 timer->expires = tim; 876 timer->expires = tim;
863 877
diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
index 022c9c3cee6f..a9b04203a66d 100644
--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -767,9 +767,11 @@ common_timer_set(struct k_itimer *timr, int flags,
767 /* SIGEV_NONE timers are not queued ! See common_timer_get */ 767 /* SIGEV_NONE timers are not queued ! See common_timer_get */
768 if (((timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) { 768 if (((timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE)) {
769 /* Setup correct expiry time for relative timers */ 769 /* Setup correct expiry time for relative timers */
770 if (mode == HRTIMER_MODE_REL) 770 if (mode == HRTIMER_MODE_REL) {
771 timer->expires = ktime_add(timer->expires, 771 timer->expires =
772 timer->base->get_time()); 772 ktime_add_safe(timer->expires,
773 timer->base->get_time());
774 }
773 return 0; 775 return 0;
774 } 776 }
775 777